See YOU at Derbycon!

I will be presenting Friday night at 7pm Eastern at Derbycon. Come on out and see us discuss the history, models and cellular nature of cyber-crime. We also plan to cover where we think online crime is likely to go in the next couple of generations and discuss some ideas for what we need to consider to combat the issues.

Drop by or chat in the hallways and we look forward to seeing you. Myself (@lbhuston), Phil Grimes (@grap3_ap3) and Adam Hostetler (@adamhos) will be in attendance. Tweet us if you want to connect! 

Have a great weekend! 

OWASP Talk Scheduled for Sept 13 in Columbus

I have finally announced my Columbus OWASP topic for the 13th of September (Thursday). I hope it turns out to be one of the most fun talks I have given in a long while. I am really excited about the chance to discuss some of this in public. Here’s the abstract:

Hey, You Broke My Web Thingee! :: Adventures in Tampering with Production

Abstract:
The speaker will tell a few real world stories about practical uses of his defensive fuzzing techniques in production web applications. Examples of fighting with things that go bump in the web to lower deployment costs, unexpected application errors and illicit behavior will be explained in some detail. Not for the “play by the book” web team, these techniques touch on unconventional approaches to defending web applications against common (and not so common) forms of waste, fraud and abuse. If the “new Web” is a thinking admin’s game, unconventional wisdom from the trenches might just be the game changer you need.

You can find out more about attending here. Hope to see you in the crowd!

PS – I’ll be sharing the stage with Jim Manico from White Hat Security, who is always completely awesome. So, come out and engage with us!

Handling Unknown Binaries Class Available

 

J0289552

Recently, I taught a class on Handling Unknown Binaries to the local ISSA chapter and the feedback was excellent. I have talked to many folks who have asked if this class was available for their infosec teams, help desk folks and IT staff on a group by group basis. I am thrilled to announce today that the MSI team is making that same class available to companies and other groups.

The course abstract is as follows:

This is a hands on class and a laptop is required (you will need either strings for windows/Cygwin or regular Linux/OS X). This class is oriented towards assisting practitioners in covering the basics of how to handle and perform initial analyses of an unknown binary. Course will NOT cover reverse engineering or any disassembly, but will cover techniques and basic tools to let a security team member do a basic risk assessment on a binary executable or other file. Given the volume of malware, various means of delivery, and rapidly changing threats, this session will deliver relevant and critical analytical training that will be useful to any information security team.

The course is available for scheduling in early September and can be taught remotely via Webex or onsite for a large enough group. 

To learn more about this and other training that MSI can conduct, please drop us a line at info[at]microsolved[dot]com or give an account executive a call at (614) 351-1237. You can also engage with me directly on the content and other questions on Twitter (@lbhuston). 

As always, thanks for reading and stay safe out there.